<?php

namespace App\Http\Middleware;

use Closure;

class Cors
{
    public function handle($request, Closure $next)
    {
        // 允许所有域名访问
        header('Access-Control-Allow-Origin: *');

        // 允许的请求方法
        header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');

        // 允许的请求头
        header('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');

        // 如果是 OPTIONS 请求，直接返回
        if ($request->getMethod() === 'OPTIONS') {
            return response()->json('OK', 200);
        }

        return $next($request);
    }
}
